[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 231-240

Ensurepass

QUESTION 231

When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones. Which of the following would impact the security of the conference’s resources?

A. Wireless network security may need to be increased to decrease access of mobile devices.

B. Physical security may need to be increased to deter or prevent theft of mobile devices.

C. Network security may need to be increased by reducing the number of available physical network jacks.

D. Wireless network security may need to be decreased to allow for increased access of mobile devices.

Correct Answer: C

 

 

QUESTION 232

As part of the ongoing information security plan in a large software development company, the Chief Information Officer (CIO) has decided to review and update the company’s privacy policies and procedures to reflect the changing business environment and business requirements. Training and awareness of the new policies and procedures have been incorporated into the security awareness program, which should be:

A. presented by top level management to only data handling staff.

B. customized for the various departments and staff roles.

C. technical in nature to ensure all development staff understand the procedures.

D. used to promote the importance of the security department.

Correct Answer: B

 

 

QUESTION 233

The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

A. Social engineering

B. Protocol analyzer

C. Port scanner

D. Grey box testing

Correct Answer: B

 

 

QUESTION 234

A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below:

Internet
Gateway Firewall
IDS
Web SSL Accelerator
Web Server Farm
Internal Firewall
Company Internal Network

The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. Which of the following is true?

A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.

B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.

C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.

D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.

Correct Answer: C

 

 

QUESTION 235

About twice a year a switch fails in a company’s network center. Under the maintenance contract, the switch would be replaced in two hours, losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year. Which of the following is true in this scenario?

A. It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure.

B. It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract.

C. It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage.

D. It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract.

Correct Answer: D

 

 

QUESTION 236

A security administrator is redesigning and implementing a service-oriented architecture to replace an old, in-house software processing system tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?

A. Point to point VPNs for all corporate intranet users.

B. Cryptographic hashes of all data transferred between services.

C. Service to service authentication for all workflows.

D. Two-factor authentication and signed code.

Correct Answer: C

 

 

QUESTION 237

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

A. Password Policy

B. Data Classification Policy

C. Wireless Access Procedure

D. VPN Policy

E. Database Administrative Procedure

Correct Answer: AB

 

 

QUESTION 238

A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised because the security contributions have varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

A. Construct a library of re-usable security patterns

B. Construct a security control library

C. Introduce an ESA framework

D. Include SRTM in the SDLC

Correct Answer: C

 

 

QUESTION 239

A manager who was attending an all-day training session was overdue entering bonus and payroll information for subordinates. The manager felt the best way to get the changes entered while in training was to log into the payroll system and then activate desktop sharing with a trusted subordinate. The manager granted the subordinate control of the desktop, thereby giving the subordinate full access to the payroll system. The subordinate did not have authorization to be in the payroll system. Another employee reported the incident to the security team. Which of the following would be the MOST appropriate method for dealing with this issue going forward?

A. Provide targeted security awareness training and impose termination for repeat violators.

B. Block desktop sharing and web conferencing applications and enable use only with approval.

C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing applications.

D. Permanently block desktop sharing and web conferencing applications and do not allow their use at the company.

Correct Answer: A


QUESTION 240

A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?

A. Employee identity badges and physical access controls to ensure only staff are allowed onsite.

B. A training program that is consistent, ongoing, and relevant.

C. Access controls to prevent end users from gaining access to confidential data.

D. Access controls for computer systems and networks with two-factor authentication.

Correct Answer: B
